143 lines
3.7 KiB
Markdown
143 lines
3.7 KiB
Markdown
---
|
||
title: "frp"
|
||
type: entity
|
||
aliases: [frp内网穿透, frp工具]
|
||
tags: [network, proxy, tunneling, open-source]
|
||
---
|
||
|
||
# frp
|
||
|
||
## Overview
|
||
**frp** (Fast Reverse Proxy) 是一个开源的高性能内网穿透工具,由 [fatedier](https://github.com/fatedier/frp) 开发维护。通过在公网服务器(frps)和内网机器(frpc)之间建立反向隧道,使内网服务可被公网访问。
|
||
|
||
## Architecture
|
||
|
||
frp 采用 C/S 架构,包含两个核心组件:
|
||
|
||
| 组件 | 全称 | 角色 | 部署位置 |
|
||
|------|------|------|---------|
|
||
| **frps** | frp Server | 服务端,监听客户端连接 | 公网 VPS |
|
||
| **frpc** | frp Client | 客户端,建立反向隧道 | 内网机器 |
|
||
|
||
## Core Concepts
|
||
|
||
### Protocol Types
|
||
- **TCP**:通用 TCP 代理,适用于 SSH、数据库等任意 TCP 服务
|
||
- **UDP**:通用 UDP 代理,适用于 DNS、视频流等 UDP 服务
|
||
- **HTTP/HTTPS**:专为 Web 服务设计,支持虚拟主机和路径路由
|
||
|
||
### Authentication
|
||
- **Token**:基于共享密钥的认证机制,frps 和 frpc 配置中的 `token` 必须一致
|
||
- Token 不一致会导致认证失败:`authentication failed token mismatch`
|
||
|
||
### Dashboard (Optional)
|
||
frps 可选启用 Web 管理面板:
|
||
```ini
|
||
[dashboard]
|
||
dashboard_addr = 0.0.0.0
|
||
dashboard_port = 7500
|
||
dashboard_user = admin
|
||
dashboard_pwd = StrongPassword123!
|
||
```
|
||
|
||
## Configuration Files
|
||
|
||
### frps.ini (服务端)
|
||
```ini
|
||
[common]
|
||
bind_addr = 0.0.0.0
|
||
bind_port = 7000
|
||
|
||
# 可选:Web Dashboard
|
||
dashboard_addr = 0.0.0.0
|
||
dashboard_port = 7500
|
||
dashboard_user = admin
|
||
dashboard_pwd = StrongPassword
|
||
|
||
# 认证 Token(必须与客户端一致)
|
||
token = YourSecretTokenHere
|
||
```
|
||
|
||
### frpc.ini (客户端)
|
||
```ini
|
||
[common]
|
||
server_addr = <frps公网IP>
|
||
server_port = 7000
|
||
token = YourSecretTokenHere
|
||
|
||
# TCP 映射示例:本地 5000 → VPS 15000
|
||
[nas]
|
||
type = tcp
|
||
local_ip = 127.0.0.1
|
||
local_port = 5000
|
||
remote_port = 15000
|
||
|
||
# SSH 映射示例
|
||
[ssh]
|
||
type = tcp
|
||
local_ip = 127.0.0.1
|
||
local_port = 22
|
||
remote_port = 60022
|
||
```
|
||
|
||
## Installation
|
||
|
||
### VPS (frps)
|
||
```bash
|
||
cd /opt
|
||
sudo mkdir frp && cd frp
|
||
FRP_VER=0.65.0
|
||
sudo curl -LO https://github.com/fatedier/frp/releases/download/v${FRP_VER}/frp_${FRP_VER}_linux_amd64.tar.gz
|
||
sudo tar xzf frp_${FRP_VER}_linux_amd64.tar.gz
|
||
sudo mv frp_${FRP_VER}_linux_amd64/* /opt/frp/
|
||
```
|
||
|
||
### systemd Service (frps)
|
||
```ini
|
||
[Unit]
|
||
Description=frp server (frps)
|
||
After=network.target
|
||
|
||
[Service]
|
||
Type=simple
|
||
ExecStart=/opt/frp/frps -c /opt/frp/frps.ini
|
||
Restart=on-failure
|
||
|
||
[Install]
|
||
WantedBy=multi-user.target
|
||
```
|
||
|
||
```bash
|
||
sudo systemctl daemon-reload
|
||
sudo systemctl enable --now frps
|
||
sudo systemctl status frps
|
||
```
|
||
|
||
## Common Use Cases
|
||
|
||
1. **Web 服务穿透**:内网 NAS、Web 应用通过子域名访问
|
||
2. **SSH 远程访问**:通过 `ssh -p 60022 user@vps.domain.com` 访问内网机器
|
||
3. **数据库远程连接**:MySQL、MongoDB 等数据库的远程管理
|
||
4. **监控系统访问**:Grafana、Prometheus 等内网监控面板的公网展示
|
||
|
||
## Advantages
|
||
|
||
| 特性 | 说明 |
|
||
|------|------|
|
||
| **轻量** | 单二进制文件,无额外依赖 |
|
||
| **高性能** | 基于 Go 语言,支持高并发连接 |
|
||
| **自动重连** | 网络中断后自动重连 |
|
||
| **热更新** | 支持配置热加载 |
|
||
| **多协议支持** | TCP/UDP/HTTP/HTTPS |
|
||
| **Web Dashboard** | 可选的图形化管理界面 |
|
||
|
||
## Related Concepts
|
||
- [[内网穿透]] — frp 是实现内网穿透的典型工具
|
||
- [[反向代理]] — frp 与 Caddy/Nginx 常配合使用
|
||
- [[TCP 隧道]] — frp 建立的底层连接机制
|
||
- [[VPS]] — frps 常部署在公网 VPS 上
|
||
|
||
## References
|
||
- GitHub: https://github.com/fatedier/frp
|
||
- 文档: https://gofrp.org/docs/
|